Pat Townsend Unveils Encryption Key Appliance
December 2, 2008 Alex Woodie
Pat Townsend Security Solutions plans to roll out a new encryption key management appliance early next year called Alliance Key Manager, the company announced recently. With the capability to store and manage keys across all major platforms, including System i, the product will be a good fit for customers of all sizes, including OEMs and ISVs, the company says.
The new Alliance Key Manager product will help organizations create, distribute, archive, and manage the symmetric keys that allow them to encrypt and decrypt their data as it sits in databases and applications, and thereby adhere to various regulations requiring data encryption, such as PCI, HIPAA, GLBA, and the privacy notification laws.
The product will be based on IBM System x servers and a hardened version of the Linux operating system, and will ship with libraries enabling it to work out-of-the-box with all the major server platforms, says Patrick Townsend, president of the Olympia, Washington, company.
“One of the most challenging parts for customers deploying key management is the development work needed to retrieve a key,” Townsend said last month during a press conference to introduce the product. “We’re going to try to help customers speed though this process by providing libraries on all of the enterprise platforms, including Windows, Unix, Linux, IBM System i or AS/400, and IBM System z or z/OS.”
The reliance on IBM System x servers will give Alliance Key Manager a strong, stable platform for customers to base their key management on, and will include support for mirroring and failover of the key environment. It will also support complex network topologies, including hub-and-spoke and mesh networks, to provide resilience against network outages.
These are requirements of enterprise customers implementing encryption, Townsend said.
But the appliance is not for everybody. “Alliance Key Manager is distinguished from others in that it’s not doing PKI [Public Key Infrastructure] key management,” Townsend said. We’re strictly focused on symmetric encryption keys.” However, the product may support PKI environments in the future, Townsend said.
Alliance Key Manager is in the process of becoming FIPS-140 certified, which will give the product a large potential audience among government agencies and the private contractors that work for them. In addition to medium to large companies and public organizations, Patrick Townsend foresees Alliance Key Manager being adopted or resold by a network of ISVs, VARs, and OEMs that are looking to offer encryption key management solutions to their customers.
Alliance Key Manager is not the first enterprise-strength encryption key management product from Pat Townsend. For the last two years, the company has been selling a product called Alliance Key Server for System i that offers many of the same key management capabilities that Pat Townsend is looking to offer in Alliance Key Manager, including the capability to manage and distribute keys for a variety of operating systems.
The two main differences between the products are Alliance Key Manager’s appliance-based framework and FIPS-140 compliance. FIPS-140 compliance is a stumbling block for Alliance Key Server, as it is for many i OS (i5/OS) applications, Townsend said.
“The independent testing labs who do FIPS-140 certifications just are not familiar with the System i operating system,” Townsend said. “It was just not possible on a System i platform to make an independent appliance-based solution and meet the price target that we wanted to have for a key manager.
“For those two reasons, we moved to an appliance-based platform, where we had a better control over the cost, and a better chance at getting that FIPS-140 certification in a controlled environment,” Townsend said. The System i key manager will continue to be sold and supported, although Townsend expects many customers to migrate to Alliance Key Manager.
Alliance Key Manager will support many third-party encryption offerings, Townsend said. “Our goal is to provide a key management solution that’s independent and vendor neutral,” Townsend said. “Customers that have encryption solutions in place that have key management are not forced to purchase our encryption modules. It’s truly independent and designed to work with a variety of third-party encryption and security solutions.”
The new product is currently in beta and is expected to become generally available in the first quarter of 2009. Pricing is tentatively set at $20,000 for the first appliance, and $15,000 for additional appliances.